CA2698086C - Apparatus and method for conducting secure financial transactions - Google Patents
Apparatus and method for conducting secure financial transactions Download PDFInfo
- Publication number
- CA2698086C CA2698086C CA2698086A CA2698086A CA2698086C CA 2698086 C CA2698086 C CA 2698086C CA 2698086 A CA2698086 A CA 2698086A CA 2698086 A CA2698086 A CA 2698086A CA 2698086 C CA2698086 C CA 2698086C
- Authority
- CA
- Canada
- Prior art keywords
- user
- secure
- transaction
- security information
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
- G06F21/445—Program or device authentication by mutual authentication, e.g. between devices or programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/02—Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/08—Payment architectures
- G06Q20/12—Payment architectures specially adapted for electronic shopping systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4014—Identity check for transactions
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1025—Identification of user by a PIN code
- G07F7/1075—PIN is checked remotely
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/102—Entity profiles
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/082—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying multi-factor authentication
Landscapes
- Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- Finance (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Software Systems (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
A system and method are disclosed for conducting secure electronic transactions using dual-authentications. A secure server stores security information for a plurality of users and authorizes transactions being conducted by these users. A user computer system having a trusted platform module is used for storing security information relating to at least one user account. Protected environments are created to facilitate secure connections based on at least the security information stored in the trusted platform module. Transactions between the user/electronic merchants and between the user/secure server are conducted within protected environments. When a user conducts an electronic transaction with an electronic merchant, the transaction is authenticated by the secure server before can be completed.
Description
APPARATUS AND METHOD FOR CONDUCTING
SECURE FINANCIAL TRANSACTIONS
BACKGROUND OF THE INVENTION
Technical Field The present invention relates to electronic transactions and, more particularly, to a system and method for conducting dual-authenticated electronic transactions without the use of a point of sale device.
Description of the Related Art Consumers have become accustomed to conducting electronic transactions using networks such as the Internet. The popularity of electronic transactions has grown such that many consumers purchase more items electronically than in physical store locations. As the popularity of electronic transactions continues to grow, so too has electronic thefts. Hackers have developed numerous techniques to gain access to user account information.
Once the account information is obtained, the hacker is able to conduct electronic transactions and charge the costs to the user account.
Various techniques have been developed in an attempt to prevent such theft by hackers. According to at least one conventional technique, users conduct transactions using the encryption provisions of a selected web browser (e.g., Internet Explorer, Firefox, Netscape, etc.). While offering a certain level of security, such techniques are susceptible to flaws in the browser and operating system themselves. These techniques also do not prevent hackers from implanting Trojans, or other malicious programs, in a user's computer to access security information stored on the computer or to intercept such information during electronic transactions.
Dual-factor authentication techniques have been utilized in order to improve security of electronic transactions. A first factor can correspond to something unique or available to a user, such as an automated teller machine (ATM) card, smartcard, etc. The second factor can correspond to something known to, or associated with, the user such as a personal identification number (PIN), fingerprint, retina pattern, etc.
For example, one current methodology attaches a peripheral PIN entry device (PED) using a data connection, such as a USB connection, to a device (e.g., computer, mobile phone, PDA, etc.) capable of accessing a network
SECURE FINANCIAL TRANSACTIONS
BACKGROUND OF THE INVENTION
Technical Field The present invention relates to electronic transactions and, more particularly, to a system and method for conducting dual-authenticated electronic transactions without the use of a point of sale device.
Description of the Related Art Consumers have become accustomed to conducting electronic transactions using networks such as the Internet. The popularity of electronic transactions has grown such that many consumers purchase more items electronically than in physical store locations. As the popularity of electronic transactions continues to grow, so too has electronic thefts. Hackers have developed numerous techniques to gain access to user account information.
Once the account information is obtained, the hacker is able to conduct electronic transactions and charge the costs to the user account.
Various techniques have been developed in an attempt to prevent such theft by hackers. According to at least one conventional technique, users conduct transactions using the encryption provisions of a selected web browser (e.g., Internet Explorer, Firefox, Netscape, etc.). While offering a certain level of security, such techniques are susceptible to flaws in the browser and operating system themselves. These techniques also do not prevent hackers from implanting Trojans, or other malicious programs, in a user's computer to access security information stored on the computer or to intercept such information during electronic transactions.
Dual-factor authentication techniques have been utilized in order to improve security of electronic transactions. A first factor can correspond to something unique or available to a user, such as an automated teller machine (ATM) card, smartcard, etc. The second factor can correspond to something known to, or associated with, the user such as a personal identification number (PIN), fingerprint, retina pattern, etc.
For example, one current methodology attaches a peripheral PIN entry device (PED) using a data connection, such as a USB connection, to a device (e.g., computer, mobile phone, PDA, etc.) capable of accessing a network
2 such as the internet. The PED is used to read information from a magnetic strip of the ATM card using the conventional "swiping" technique. Next, the PIN is entered into the PED, where it is further encrypted by the PED together with information read form the swiped card. The PED subsequently transmits the encrypted information across the network to a location where the transaction will be processed.
While this technique can greatly increase the level of security due to added authentication, it is necessary to incorporate additional hardware such as the PED. The additional costs and complications can often act as a deterrent to conventional users seeking additional security for personal transactions.
Accordingly, there exists a need for increasing the level of security associated electronic transactions.
There also exists a need for conducting dual-authenticated personal transactions without complicated hardware.
SUMMARY OF THE INVENTION
It is therefore one feature and advantage of the present invention to address at least some of the shortcomings of the prior art in conducting secure electronic transactions.
It is another optional feature and advantage of the present invention to increase the level of security associated with electronic transactions using dual-authentication.
It is yet another optional feature and advantage of the present invention to provide a secure platform for conducting dual-authenticated electronic transactions without the need for external hardware.
The foregoing, and various other needs, are addressed, at least in part, by the present invention, wherein a secure server stores security information from a user, and authenticates the user during electronic transactions between the user and another party.
According to one embodiment of the invention, a system is provided for conducting secure transactions. The system includes a secure server, an electronic merchant (and/or financial institution), and a user computer. The secure server stores security information for a plurality of users and authorizes transactions being conducted by these users. The electronic
While this technique can greatly increase the level of security due to added authentication, it is necessary to incorporate additional hardware such as the PED. The additional costs and complications can often act as a deterrent to conventional users seeking additional security for personal transactions.
Accordingly, there exists a need for increasing the level of security associated electronic transactions.
There also exists a need for conducting dual-authenticated personal transactions without complicated hardware.
SUMMARY OF THE INVENTION
It is therefore one feature and advantage of the present invention to address at least some of the shortcomings of the prior art in conducting secure electronic transactions.
It is another optional feature and advantage of the present invention to increase the level of security associated with electronic transactions using dual-authentication.
It is yet another optional feature and advantage of the present invention to provide a secure platform for conducting dual-authenticated electronic transactions without the need for external hardware.
The foregoing, and various other needs, are addressed, at least in part, by the present invention, wherein a secure server stores security information from a user, and authenticates the user during electronic transactions between the user and another party.
According to one embodiment of the invention, a system is provided for conducting secure transactions. The system includes a secure server, an electronic merchant (and/or financial institution), and a user computer. The secure server stores security information for a plurality of users and authorizes transactions being conducted by these users. The electronic
3 merchant functions as a vendor providing various products and/or services for purchase. The user computer includes a trusted platform module (TPM) for storing/sealing security information relating to at least one user account.
The user computer system also includes a virtual appliance module for creating at least one protected environment. The processes running in the protected environment are inaccessible to other process or applications running outside of the protected environment. When a user conducts an electronic transaction with an electronic merchant, the transaction is authenticated by the secure server before can be completed.
These, together with other objects of the invention, along with the various features of novelty which characterize the invention, are pointed out with particularity in the claims annexed to and forming a part of this disclosure. For a better understanding of the invention, its operating advantages and the specific objects attained by its uses, reference should be had to the accompanying drawings and descriptive matter in which there is illustrated preferred embodiments of the invention.
BRIEF DESCRIPTION OF THE DRAWINGS
Figure 1 is a block diagram illustrating an arrangement for conducting secure financial transactions according to an exemplary embodiment of the present invention;
Figure 2 is a flowchart illustrating the steps performed to register a user's account to support secure financial transactions; and Figure 3 is a flowchart illustrating the steps performed when conducting a secure financial transaction according to one embodiment of the present invention.
DETAILED DESCRIPTION OF THE INVENTION
Reference now will be made in detail to the presently preferred embodiments of the invention. Such embodiments are provided by way of explanation of the invention, which is not intended to be limited thereto. In fact, those of ordinary skill in the art may appreciate upon reading the present specification and viewing the present drawings that various modifications and variations can be made.
For example, features illustrated or described as part of one embodiment can be used on other embodiments to yield a still further
The user computer system also includes a virtual appliance module for creating at least one protected environment. The processes running in the protected environment are inaccessible to other process or applications running outside of the protected environment. When a user conducts an electronic transaction with an electronic merchant, the transaction is authenticated by the secure server before can be completed.
These, together with other objects of the invention, along with the various features of novelty which characterize the invention, are pointed out with particularity in the claims annexed to and forming a part of this disclosure. For a better understanding of the invention, its operating advantages and the specific objects attained by its uses, reference should be had to the accompanying drawings and descriptive matter in which there is illustrated preferred embodiments of the invention.
BRIEF DESCRIPTION OF THE DRAWINGS
Figure 1 is a block diagram illustrating an arrangement for conducting secure financial transactions according to an exemplary embodiment of the present invention;
Figure 2 is a flowchart illustrating the steps performed to register a user's account to support secure financial transactions; and Figure 3 is a flowchart illustrating the steps performed when conducting a secure financial transaction according to one embodiment of the present invention.
DETAILED DESCRIPTION OF THE INVENTION
Reference now will be made in detail to the presently preferred embodiments of the invention. Such embodiments are provided by way of explanation of the invention, which is not intended to be limited thereto. In fact, those of ordinary skill in the art may appreciate upon reading the present specification and viewing the present drawings that various modifications and variations can be made.
For example, features illustrated or described as part of one embodiment can be used on other embodiments to yield a still further
4 embodiment. Additionally, certain features may be interchanged with similar devices or features not mentioned yet which perform the same or similar functions. It is therefore intended that such modifications and variations are included within the totality of the present invention.
The detailed descriptions which follow may be presented in terms of program procedures executed on a computer or network of computers.
These procedural descriptions and representations are the means used by those skilled in the art to most effectively convey the substance of their work to others skilled in the art.
The present invention also relates to apparatus for performing these operations. This apparatus may be specially constructed for the required purpose or it may include a general purpose computer as selectively activated or reconfigured by a computer program stored in the computer. The procedures presented herein are not inherently related to a particular computer or other apparatus. Various general purpose machines may be used with programs written in accordance with the teachings herein, or it may prove more convenient to construct more specialized apparatus to perform the required method steps. The required structure for a variety of these machines will appear from the description given.
Referring to the drawings, and initially to Figure 1, a system 100 is shown for conducting financial transactions using, in part, a trusted platform module (TPM). According to the system, at least three different parties are able to interact with each other at different times (or simultaneously) across a network such as the internet 150. The first party is a user who will conduct financial transactions with a financial institution such as a bank 140.
According to one or more embodiments of the invention, the user is also able to conduct transactions with merchants (140) or other entities from which a purchase will be made. A secure server 130 is provided to store information for authenticating the user and approve or deny the transactions being made.
The user interacts with a user computer system 110 in order to access the secure server 130 or the bank 140. As used herein, computer system can be any type of equipment that allows the user to access the network 150 and perform various transactions. For example, the computer system 110 can be a conventional desktop computer, a laptop, a terminal, a mobile phone having network access, etc. Further, network communication can be conducted using conventional data communication cables, power transmission lines, wireless transmission devices, mobile communication networks etc.
The user computer system 110 includes appropriate hardware and
The detailed descriptions which follow may be presented in terms of program procedures executed on a computer or network of computers.
These procedural descriptions and representations are the means used by those skilled in the art to most effectively convey the substance of their work to others skilled in the art.
The present invention also relates to apparatus for performing these operations. This apparatus may be specially constructed for the required purpose or it may include a general purpose computer as selectively activated or reconfigured by a computer program stored in the computer. The procedures presented herein are not inherently related to a particular computer or other apparatus. Various general purpose machines may be used with programs written in accordance with the teachings herein, or it may prove more convenient to construct more specialized apparatus to perform the required method steps. The required structure for a variety of these machines will appear from the description given.
Referring to the drawings, and initially to Figure 1, a system 100 is shown for conducting financial transactions using, in part, a trusted platform module (TPM). According to the system, at least three different parties are able to interact with each other at different times (or simultaneously) across a network such as the internet 150. The first party is a user who will conduct financial transactions with a financial institution such as a bank 140.
According to one or more embodiments of the invention, the user is also able to conduct transactions with merchants (140) or other entities from which a purchase will be made. A secure server 130 is provided to store information for authenticating the user and approve or deny the transactions being made.
The user interacts with a user computer system 110 in order to access the secure server 130 or the bank 140. As used herein, computer system can be any type of equipment that allows the user to access the network 150 and perform various transactions. For example, the computer system 110 can be a conventional desktop computer, a laptop, a terminal, a mobile phone having network access, etc. Further, network communication can be conducted using conventional data communication cables, power transmission lines, wireless transmission devices, mobile communication networks etc.
The user computer system 110 includes appropriate hardware and
5 software for establishing a virtual appliance module 114 that runs on the TPM
126. The virtual appliance module 114 creates a secure program execution space that prevents access from any other processes running on the user computer system 110. The virtual appliance module 114 includes an encryption engine 116 for encrypting information that has been retrieved or stored, a key management system 118 that manages various keys to perform transactions, and a secure transaction protocol 120 that establishes the appropriate security encryption level for data that is received or transmitted by the virtual appliance module 114. According to alternative embodiments of the invention, the encryption engine 116 and the key management system 118 can be incorporated within the TPM 126.
The user computer system 110 also includes a CPU 112 for executing program code and controlling the operation of peripherals and devices connected thereto. According to the present invention, the user computer system 110 includes a TPM 126 that is embedded at the CPU or bios/chipset level in order to prevent tempering and/or manipulation by external programs.
The TPM 126 can include, for example, a non-volatile storage area 122 for storing information necessary to conduct secure transactions such as issuer key information. Alternatively, and in addition to such storage, a separate storage 124 area may be provided to store information pertaining to the user's card (e.g., check card, credit card, bank card, etc.).
The user is able to establish a communication link to the bank 140 and/or secure server 130. The bank 140 can include, for example, one or more computer systems 142 (e.g., PC, server, etc.) as well as one or more data storage devices 144 (e.g., tape, magnetic, optical, etc.). Similarly, the secure server 130 can include one or more computer systems 132 as well as data storage devices 134. Further, such storage devices (134, 144) can be internal or external. The secure server 130 and bank 140 can also include distributed computer systems that utilize private communication networks for security.
126. The virtual appliance module 114 creates a secure program execution space that prevents access from any other processes running on the user computer system 110. The virtual appliance module 114 includes an encryption engine 116 for encrypting information that has been retrieved or stored, a key management system 118 that manages various keys to perform transactions, and a secure transaction protocol 120 that establishes the appropriate security encryption level for data that is received or transmitted by the virtual appliance module 114. According to alternative embodiments of the invention, the encryption engine 116 and the key management system 118 can be incorporated within the TPM 126.
The user computer system 110 also includes a CPU 112 for executing program code and controlling the operation of peripherals and devices connected thereto. According to the present invention, the user computer system 110 includes a TPM 126 that is embedded at the CPU or bios/chipset level in order to prevent tempering and/or manipulation by external programs.
The TPM 126 can include, for example, a non-volatile storage area 122 for storing information necessary to conduct secure transactions such as issuer key information. Alternatively, and in addition to such storage, a separate storage 124 area may be provided to store information pertaining to the user's card (e.g., check card, credit card, bank card, etc.).
The user is able to establish a communication link to the bank 140 and/or secure server 130. The bank 140 can include, for example, one or more computer systems 142 (e.g., PC, server, etc.) as well as one or more data storage devices 144 (e.g., tape, magnetic, optical, etc.). Similarly, the secure server 130 can include one or more computer systems 132 as well as data storage devices 134. Further, such storage devices (134, 144) can be internal or external. The secure server 130 and bank 140 can also include distributed computer systems that utilize private communication networks for security.
6 Fig. 2 is a flowchart illustrating the steps performed for registering security data from the bank with the user in order to enable secure transactions, in accordance with at least one embodiment of the present invention. At step S210, the user establishes a communication link with the financial institution over the network.
At step 212, the user is prompted to supply authentication information to confirm his/her identity with the financial institution. The authentication information can include, for example, the user's account number, credit/debit card number, personal information, etc. At step 214, the financial institution verifies the information supplied by the user in order to confirm the user's identity and the account being registered. At step 216, the user receives a password generated by the financial institution. At step 218, the user establishes a secure connection to the financial institution in order to continue the registration process. At step 220, the user is prompted to supply the password that has been generated by the financial institution. At step 226, the financial institution confirms the user's password so that the secure connection can be authenticated.
Once the secure connection is authenticated, a conventional secure channel is established between the user computer system and the financial institution. This secure channel can utilize, for example, encryption technology included in the browser or operating system. At step 222, security data is received from the financial institution. The security data corresponds to specific information that has been generated for the user's registered account. According to one or more embodiments of the invention, the security data can also be supplied in an encrypted form to further reduce the risk of theft. At step 224, the security data is embedded in non-volatile storage, such as memory, disk, TPM, chipset, etc., of the computer system. The data is operated upon during online transactions. Prior to embedding the security data, the user may be prompted to resubmit the password information for confirmation of his/her identity. At step 228, the user terminates the connection with the financial institution.
Fig. 3 is a flowchart illustrating the steps performed in conducting a transaction in accordance with at least one embodiment of the claimed invention. At step 310, the user accesses a merchant's website. As
At step 212, the user is prompted to supply authentication information to confirm his/her identity with the financial institution. The authentication information can include, for example, the user's account number, credit/debit card number, personal information, etc. At step 214, the financial institution verifies the information supplied by the user in order to confirm the user's identity and the account being registered. At step 216, the user receives a password generated by the financial institution. At step 218, the user establishes a secure connection to the financial institution in order to continue the registration process. At step 220, the user is prompted to supply the password that has been generated by the financial institution. At step 226, the financial institution confirms the user's password so that the secure connection can be authenticated.
Once the secure connection is authenticated, a conventional secure channel is established between the user computer system and the financial institution. This secure channel can utilize, for example, encryption technology included in the browser or operating system. At step 222, security data is received from the financial institution. The security data corresponds to specific information that has been generated for the user's registered account. According to one or more embodiments of the invention, the security data can also be supplied in an encrypted form to further reduce the risk of theft. At step 224, the security data is embedded in non-volatile storage, such as memory, disk, TPM, chipset, etc., of the computer system. The data is operated upon during online transactions. Prior to embedding the security data, the user may be prompted to resubmit the password information for confirmation of his/her identity. At step 228, the user terminates the connection with the financial institution.
Fig. 3 is a flowchart illustrating the steps performed in conducting a transaction in accordance with at least one embodiment of the claimed invention. At step 310, the user accesses a merchant's website. As
7 PCT/US2008/010235 previously discussed, this can be done by establishing a connection to the Internet and browsing to an address registered to the merchant. The user is then able to review various products and/or services offered by the merchant.
At step 312, the user selects an item for purchase and proceeds to the electronic checkout where payment will be submitted. At step 314, it is determined if the user is authorized to perform secure transactions using the TPM. If the user is authorized, then control passes to step 316. Otherwise, control passes to step 318 where the user is required to register with a financial institution. As previously discussed, such a registration process involves creation of security information for at least one user account. The security information is subsequently embedded in non-volatile memory of the computer. Once the user has registered with the financial institution, control passes to step 316 where the user establishes a connection to the secure server 130. At step 320, the user is prompted to provide authentication information such as a PIN, fingerprint, etc. As can be appreciated, the virtual appliance module with protected graphics is running in the user computer during this process. Accordingly, information displayed within graphics frame buffer is protected from access or compromise by unauthorized software. The authentication information is therefore securely input by the user.
At step 322, the virtual appliance module executes an encryption routine to encrypt the security data such as cardholder data, retrieved from a secured storage, and the PIN or other authentication parameters, obtained from secured input, to form an encrypted PIN block or a cryptogram that is necessary in a transaction. The encryption is done either within the processor (e.g. the CPU) in the trusted environment or inside the secure hardware unit (e.g. TPM).
At step 324, the virtual appliance module supplies the transaction information and the encrypted PIN block to the secure server 130. The transaction information can include, for example, the merchant name, item name, item number, price, billing address, etc. According to one or more embodiments of the present invention, the transaction information can include a confirmation number that has been generated by the merchant.
At step 326, the transaction information is verified by the secure server 130, based at least in part, on the password supplied by the user and security
At step 312, the user selects an item for purchase and proceeds to the electronic checkout where payment will be submitted. At step 314, it is determined if the user is authorized to perform secure transactions using the TPM. If the user is authorized, then control passes to step 316. Otherwise, control passes to step 318 where the user is required to register with a financial institution. As previously discussed, such a registration process involves creation of security information for at least one user account. The security information is subsequently embedded in non-volatile memory of the computer. Once the user has registered with the financial institution, control passes to step 316 where the user establishes a connection to the secure server 130. At step 320, the user is prompted to provide authentication information such as a PIN, fingerprint, etc. As can be appreciated, the virtual appliance module with protected graphics is running in the user computer during this process. Accordingly, information displayed within graphics frame buffer is protected from access or compromise by unauthorized software. The authentication information is therefore securely input by the user.
At step 322, the virtual appliance module executes an encryption routine to encrypt the security data such as cardholder data, retrieved from a secured storage, and the PIN or other authentication parameters, obtained from secured input, to form an encrypted PIN block or a cryptogram that is necessary in a transaction. The encryption is done either within the processor (e.g. the CPU) in the trusted environment or inside the secure hardware unit (e.g. TPM).
At step 324, the virtual appliance module supplies the transaction information and the encrypted PIN block to the secure server 130. The transaction information can include, for example, the merchant name, item name, item number, price, billing address, etc. According to one or more embodiments of the present invention, the transaction information can include a confirmation number that has been generated by the merchant.
At step 326, the transaction information is verified by the secure server 130, based at least in part, on the password supplied by the user and security
8 data retrieved from the user computer system. If the secure server 130 cannot verify the transaction, a rejection is transmitted to the merchant at step 330. For example, if the security data retrieved from the user PC does not match the information stored in the secure server's database, the transaction would not be verified. As another example, if the password supplied by the user cannot be confirmed, the transaction would not be verified. According to one or more embodiments of the invention, the merchant can optionally take appropriate precautions to address such situations. At step 332, the merchant can initiate appropriate fraud precautions based on internal rules and procedures. At step 334, the rejection information would be supplied to the user together with, for example, an indication that possible fraud activities may be in progress.
If the secure server 130 verifies the transaction information, then approval is sent to the merchant at step 328. The merchant is then free to complete the transaction with the user at step 336. Depending on the type of network being used, the user may be allowed to maintain a continuous communication link with both the secure server 130 and merchant. The transaction process subsequently ends at step 338.
As can be appreciated, the present invention substitutes import of data representative of information in the magnetic stripe of an ATM card from the user's bank account using a secure bidirectional connection for the peripheral PIN entry device. Once the secure data is transferred from the bank to the user's web connected device the data can be embedded therein.
The present invention can be embodied in a client-server model. In such an arrangement, the device is the client and a website where the secure transaction is to occur acts as the server. In order to initiate a secure transaction, an online session is established where the server recognizes communication with a secure web connected device, identifies the secure data, and requests the user to provide a PIN. This fulfills the requirements of two-factor authentication in that the first factor of something available to the user is in the form of data secured from the bank in the web connected device thus replacing the need to swipe the users ATM card because the data is now embedded securely in the invention. To complete the second requirement in
If the secure server 130 verifies the transaction information, then approval is sent to the merchant at step 328. The merchant is then free to complete the transaction with the user at step 336. Depending on the type of network being used, the user may be allowed to maintain a continuous communication link with both the secure server 130 and merchant. The transaction process subsequently ends at step 338.
As can be appreciated, the present invention substitutes import of data representative of information in the magnetic stripe of an ATM card from the user's bank account using a secure bidirectional connection for the peripheral PIN entry device. Once the secure data is transferred from the bank to the user's web connected device the data can be embedded therein.
The present invention can be embodied in a client-server model. In such an arrangement, the device is the client and a website where the secure transaction is to occur acts as the server. In order to initiate a secure transaction, an online session is established where the server recognizes communication with a secure web connected device, identifies the secure data, and requests the user to provide a PIN. This fulfills the requirements of two-factor authentication in that the first factor of something available to the user is in the form of data secured from the bank in the web connected device thus replacing the need to swipe the users ATM card because the data is now embedded securely in the invention. To complete the second requirement in
9 the two-factor authentication process, the user enters a PIN which is encrypted and transmitted by the web connected device to the server.
The present invention advantageously substitutes then need for a tamper resistant peripheral by utilizing tamper resistance in a self-contained module within the Web connected device, and with secured input and output allowing for the securing of bank sensitive data and the entry of a PIN to complete a two-factor authentication without a peripheral.
According to various embodiments of the invention, a system for creating a secure transaction platform would include a user computer system with a hardware unit for providing a trusted computing environment, sealing of cardholder data and other security information. The hardware unit can be a part of a secure processor, a co-processor, part of a chipset or a secure module such as a TPM. An OS Kernel or processor routine can be used to manage the resources dedicated to the trusted computing environment. A
transaction payment application software can be used to perform online transactions. The application can either run as a virtual machine, a standalone application, or within other agents such as a web browser. The system can also include an online merchant/financial institute for providing a plurality of products and/or services for purchase and/or all other kind of transactions including balance inquiry, deposit, transfer, etc. A secure server can subsequently authorize transactions initiated by the plurality of users.
The secure server can approve or reject a transaction based on the cardholder data and PIN or other authentication parameters provided.
According to other embodiments, a transaction payment software running on a trusted computing environment can be used to provide:
(1) A protected execution environment where no other unauthorized software can access or compromise the information being operated upon.
The trusted execution environment ensures the integrity and confidentiality transaction payment software, making it free from attack from other malicious programs.
(2) A secure network connection mechanism, e.g. trusted network connect (TNC), for mutual authentication of client and server. The secure network connection provides a safe communication channel between the customer and bank/merchant in an online transaction. The bank/merchant knows that it is talking to its intended customer and the customer knows that he is going to the intended, genuine web site but not some phishing sites.
(3) Protected input channels where input such as keystrokes and mouse clicks are encrypted and thus protected from access or compromise by 5 unauthorized software; and (4) Protected graphics where information display within graphics frame buffer are protected from access or compromise by unauthorized software.
With protected input and output, a user enters a PIN or inputs other authentication parameters such as fingerprints, etc., free from keyloggers,
The present invention advantageously substitutes then need for a tamper resistant peripheral by utilizing tamper resistance in a self-contained module within the Web connected device, and with secured input and output allowing for the securing of bank sensitive data and the entry of a PIN to complete a two-factor authentication without a peripheral.
According to various embodiments of the invention, a system for creating a secure transaction platform would include a user computer system with a hardware unit for providing a trusted computing environment, sealing of cardholder data and other security information. The hardware unit can be a part of a secure processor, a co-processor, part of a chipset or a secure module such as a TPM. An OS Kernel or processor routine can be used to manage the resources dedicated to the trusted computing environment. A
transaction payment application software can be used to perform online transactions. The application can either run as a virtual machine, a standalone application, or within other agents such as a web browser. The system can also include an online merchant/financial institute for providing a plurality of products and/or services for purchase and/or all other kind of transactions including balance inquiry, deposit, transfer, etc. A secure server can subsequently authorize transactions initiated by the plurality of users.
The secure server can approve or reject a transaction based on the cardholder data and PIN or other authentication parameters provided.
According to other embodiments, a transaction payment software running on a trusted computing environment can be used to provide:
(1) A protected execution environment where no other unauthorized software can access or compromise the information being operated upon.
The trusted execution environment ensures the integrity and confidentiality transaction payment software, making it free from attack from other malicious programs.
(2) A secure network connection mechanism, e.g. trusted network connect (TNC), for mutual authentication of client and server. The secure network connection provides a safe communication channel between the customer and bank/merchant in an online transaction. The bank/merchant knows that it is talking to its intended customer and the customer knows that he is going to the intended, genuine web site but not some phishing sites.
(3) Protected input channels where input such as keystrokes and mouse clicks are encrypted and thus protected from access or compromise by 5 unauthorized software; and (4) Protected graphics where information display within graphics frame buffer are protected from access or compromise by unauthorized software.
With protected input and output, a user enters a PIN or inputs other authentication parameters such as fingerprints, etc., free from keyloggers,
10 screen capture programs or other malicious software.
The present invention is also capable of providing a methodology for storing cardholder data and other secure and sensitive information in a user computer. The data is encrypted and stored in non-volatile storage media (memory, disk, etc.) and operated upon during an online transaction. The actual physical storage of the data can either be inside or outside of the secure processor or TPM. Furthermore, security data such as cardholder data, retrieved from a secured storage, and the PIN or other authentication parameters, obtained from secured input, are encrypted to form a encrypted pin block or a cryptogram that are necessary in a transaction. The encryption is done either within the processor (e.g. the CPU) in the trusted environment or inside the secure hardware unit (e.g. TPM).
The many features and advantages of the invention are apparent from the detailed specification, and thus, it is intended by the appended claims to cover all such features and advantages of the invention which fall within the true spirit and scope of the invention. Further, since numerous modifications and variations will readily occur to those skilled in the art, it is not desired to limit the invention to the exact construction and operation illustrated and described, and accordingly, all suitable modifications and equivalents may be resorted to, falling within the scope of the invention.
The present invention is also capable of providing a methodology for storing cardholder data and other secure and sensitive information in a user computer. The data is encrypted and stored in non-volatile storage media (memory, disk, etc.) and operated upon during an online transaction. The actual physical storage of the data can either be inside or outside of the secure processor or TPM. Furthermore, security data such as cardholder data, retrieved from a secured storage, and the PIN or other authentication parameters, obtained from secured input, are encrypted to form a encrypted pin block or a cryptogram that are necessary in a transaction. The encryption is done either within the processor (e.g. the CPU) in the trusted environment or inside the secure hardware unit (e.g. TPM).
The many features and advantages of the invention are apparent from the detailed specification, and thus, it is intended by the appended claims to cover all such features and advantages of the invention which fall within the true spirit and scope of the invention. Further, since numerous modifications and variations will readily occur to those skilled in the art, it is not desired to limit the invention to the exact construction and operation illustrated and described, and accordingly, all suitable modifications and equivalents may be resorted to, falling within the scope of the invention.
Claims (4)
1. A method for effecting a secure financial transaction between a user and a merchant, comprising:
establishing a connection between a secure server and a user computer comprising a virtual appliance module that creates a secure program execution space that prevents access from any other processes running on the user computer system, said virtual appliance module containing transaction information, said connection being established without an external point of sale device;
inputting at least one authentication parameter;
retrieving security information located on said virtual appliance module;
encrypting said security information along with said at least one authentication parameter to form an encrypted Personal Identification Number (PIN) block;
retrieving said transaction information located on said virtual appliance module;
submitting said encrypted PIN block and said transaction information to said secure server;
verifying said security information within the encrypted PIN block;
verifying said transaction information based on said security information; and sending an indication of the validity of the security information said merchant.
establishing a connection between a secure server and a user computer comprising a virtual appliance module that creates a secure program execution space that prevents access from any other processes running on the user computer system, said virtual appliance module containing transaction information, said connection being established without an external point of sale device;
inputting at least one authentication parameter;
retrieving security information located on said virtual appliance module;
encrypting said security information along with said at least one authentication parameter to form an encrypted Personal Identification Number (PIN) block;
retrieving said transaction information located on said virtual appliance module;
submitting said encrypted PIN block and said transaction information to said secure server;
verifying said security information within the encrypted PIN block;
verifying said transaction information based on said security information; and sending an indication of the validity of the security information said merchant.
2. The method of claim 1 further comprising verifying whether said user is authorized to perform said secure financial transaction.
3. The method of claim 2 further comprising registering said user to perform said secure financial transaction.
4. The method of claim 3 wherein registering comprises supplying said at least one authentication parameter;
establishing a secure connection to the secure server;
exchanging said security information relating to said user; and embedding said security information in said virtual appliance module.
establishing a secure connection to the secure server;
exchanging said security information relating to said user; and embedding said security information in said virtual appliance module.
Applications Claiming Priority (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US96926107P | 2007-08-31 | 2007-08-31 | |
| US60/969,261 | 2007-08-31 | ||
| PCT/US2008/010235 WO2009032187A1 (en) | 2007-08-31 | 2008-08-29 | Apparatus and method for conducting secure financial transactions |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CA2698086A1 CA2698086A1 (en) | 2009-03-12 |
| CA2698086C true CA2698086C (en) | 2017-05-23 |
Family
ID=40429190
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CA2698086A Active CA2698086C (en) | 2007-08-31 | 2008-08-29 | Apparatus and method for conducting secure financial transactions |
Country Status (5)
| Country | Link |
|---|---|
| US (2) | US9053471B2 (en) |
| EP (1) | EP2186238A4 (en) |
| JP (1) | JP5608081B2 (en) |
| CA (1) | CA2698086C (en) |
| WO (1) | WO2009032187A1 (en) |
Families Citing this family (26)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CA2698086C (en) * | 2007-08-31 | 2017-05-23 | Homeatm Epayment Solutions | Apparatus and method for conducting secure financial transactions |
| US9584322B2 (en) * | 2010-03-08 | 2017-02-28 | Intel Corporation | System and method for hypervisor-based remediation and provisioning of a computer |
| WO2012023050A2 (en) | 2010-08-20 | 2012-02-23 | Overtis Group Limited | Secure cloud computing system and method |
| RU2587423C2 (en) | 2013-09-26 | 2016-06-20 | Закрытое акционерное общество "Лаборатория Касперского" | System and method of providing safety of online transactions |
| US20170039557A1 (en) * | 2014-04-28 | 2017-02-09 | Hewlett Packard Enterprise Development Lp | Virtual point of sale |
| EP2950229B1 (en) * | 2014-05-28 | 2018-09-12 | Nxp B.V. | Method for facilitating transactions, computer program product and mobile device |
| FR3028639B1 (en) * | 2014-11-17 | 2016-12-23 | Oberthur Technologies | METHOD FOR SECURING A PAYMENT TOKEN |
| WO2016129863A1 (en) | 2015-02-12 | 2016-08-18 | Samsung Electronics Co., Ltd. | Payment processing method and electronic device supporting the same |
| KR102460459B1 (en) | 2015-02-27 | 2022-10-28 | 삼성전자주식회사 | Method and apparatus for providing card service using electronic device |
| US10193700B2 (en) | 2015-02-27 | 2019-01-29 | Samsung Electronics Co., Ltd. | Trust-zone-based end-to-end security |
| WO2016137277A1 (en) | 2015-02-27 | 2016-09-01 | Samsung Electronics Co., Ltd. | Electronic device providing electronic payment function and operating method thereof |
| WO2018209138A1 (en) * | 2017-05-10 | 2018-11-15 | Mine Zero Gmbh | Secure telecommunications and transactional platform |
| EP3268917A4 (en) | 2015-03-12 | 2018-12-05 | Mine Zero GmbH | Transactional platform |
| WO2016187662A1 (en) * | 2015-05-25 | 2016-12-01 | Isx Ip Ltd | Secure payment |
| US10699274B2 (en) * | 2015-08-24 | 2020-06-30 | Samsung Electronics Co., Ltd. | Apparatus and method for secure electronic payment |
| US10846696B2 (en) | 2015-08-24 | 2020-11-24 | Samsung Electronics Co., Ltd. | Apparatus and method for trusted execution environment based secure payment transactions |
| EP3142056A1 (en) | 2015-09-09 | 2017-03-15 | Samsung Electronics Co., Ltd. | Method and apparatus for performing payment |
| US10817593B1 (en) * | 2015-12-29 | 2020-10-27 | Wells Fargo Bank, N.A. | User information gathering and distribution system |
| US10025933B2 (en) | 2016-05-25 | 2018-07-17 | Bank Of America Corporation | System for utilizing one or more data sources to generate a customized set of operations |
| US10097552B2 (en) | 2016-05-25 | 2018-10-09 | Bank Of America Corporation | Network of trusted users |
| US10223426B2 (en) | 2016-05-25 | 2019-03-05 | Bank Of America Corporation | System for providing contextualized search results of help topics |
| US10437610B2 (en) | 2016-05-25 | 2019-10-08 | Bank Of America Corporation | System for utilizing one or more data sources to generate a customized interface |
| US10134070B2 (en) | 2016-05-25 | 2018-11-20 | Bank Of America Corporation | Contextualized user recapture system |
| WO2019190468A1 (en) | 2018-03-27 | 2019-10-03 | Visa International Service Association | System and method for authorizing and provisioning a token to an appliance |
| US11810105B2 (en) | 2019-06-20 | 2023-11-07 | Visa International Service Association | System and method for authorizing and provisioning a token to an appliance |
| US11432149B1 (en) | 2019-10-10 | 2022-08-30 | Wells Fargo Bank, N.A. | Self-sovereign identification via digital credentials for selected identity attributes |
Family Cites Families (34)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| FR2748591B1 (en) | 1996-05-07 | 1998-06-05 | France Telecom | METHOD FOR PERFORMING A SECURE ELECTRONIC TRANSACTION WITH DOUBLE SIGNATURE |
| US5930804A (en) * | 1997-06-09 | 1999-07-27 | Philips Electronics North America Corporation | Web-based biometric authentication system and method |
| US7290288B2 (en) * | 1997-06-11 | 2007-10-30 | Prism Technologies, L.L.C. | Method and system for controlling access, by an authentication server, to protected computer resources provided via an internet protocol network |
| EP1076279A1 (en) * | 1999-08-13 | 2001-02-14 | Hewlett-Packard Company | Computer platforms and their methods of operation |
| US6834271B1 (en) * | 1999-09-24 | 2004-12-21 | Kryptosima | Apparatus for and method of secure ATM debit card and credit card payment transactions via the internet |
| DE10001097A1 (en) * | 2000-01-13 | 2001-07-19 | Scm Microsystems Gmbh | Electronic payment system for services, software and multimedia content |
| JP2002247029A (en) * | 2000-02-02 | 2002-08-30 | Sony Corp | Certification device, certification system and its method, communication device, communication controller, communication system and its method, information recording method and its device, information restoring method and its device, and recording medium |
| US20060190412A1 (en) * | 2000-02-11 | 2006-08-24 | Maurice Ostroff | Method and system for preventing fraudulent use of credit cards and credit card information, and for preventing unauthorized access to restricted physical and virtual sites |
| US7280984B2 (en) * | 2000-05-08 | 2007-10-09 | Phelan Iii Frank | Money card system, method and apparatus |
| US7472092B2 (en) * | 2000-05-08 | 2008-12-30 | Patricia Phelan | Money order device with identity verification and method |
| US7392388B2 (en) | 2000-09-07 | 2008-06-24 | Swivel Secure Limited | Systems and methods for identity verification for secure transactions |
| JP2002163584A (en) * | 2000-11-24 | 2002-06-07 | Fujitsu Ltd | Card payment method and system using portable information terminal |
| US20020123972A1 (en) * | 2001-02-02 | 2002-09-05 | Hodgson Robert B. | Apparatus for and method of secure ATM debit card and credit card payment transactions via the internet |
| US7197168B2 (en) * | 2001-07-12 | 2007-03-27 | Atrua Technologies, Inc. | Method and system for biometric image assembly from multiple partial biometric frame scans |
| DE10136608B4 (en) * | 2001-07-16 | 2005-12-08 | Francotyp-Postalia Ag & Co. Kg | Method and system for real-time recording with security module |
| US7069442B2 (en) * | 2002-03-29 | 2006-06-27 | Intel Corporation | System and method for execution of a secured environment initialization instruction |
| US7028149B2 (en) * | 2002-03-29 | 2006-04-11 | Intel Corporation | System and method for resetting a platform configuration register |
| US20040019564A1 (en) * | 2002-07-26 | 2004-01-29 | Scott Goldthwaite | System and method for payment transaction authentication |
| JP2004094619A (en) | 2002-08-30 | 2004-03-25 | Dainippon Printing Co Ltd | Authentication method and system |
| US20040044739A1 (en) * | 2002-09-04 | 2004-03-04 | Robert Ziegler | System and methods for processing PIN-authenticated transactions |
| US20040199469A1 (en) * | 2003-03-21 | 2004-10-07 | Barillova Katrina A. | Biometric transaction system and method |
| US7526652B2 (en) * | 2003-09-04 | 2009-04-28 | Accullink, Inc. | Secure PIN management |
| US20050091494A1 (en) * | 2003-10-23 | 2005-04-28 | Hyser Chris D. | Method and system for providing an external trusted agent for one or more computer systems |
| US20050166051A1 (en) * | 2004-01-26 | 2005-07-28 | Mark Buer | System and method for certification of a secure platform |
| WO2005109360A1 (en) * | 2004-05-10 | 2005-11-17 | Hani Girgis | Secure pin entry using personal computer |
| US7987356B2 (en) * | 2004-11-29 | 2011-07-26 | Broadcom Corporation | Programmable security platform |
| US20060136717A1 (en) * | 2004-12-20 | 2006-06-22 | Mark Buer | System and method for authentication via a proximate device |
| US20070027820A1 (en) * | 2005-07-28 | 2007-02-01 | Amir Elharar | Methods and systems for securing electronic transactions |
| JP4408868B2 (en) * | 2006-03-06 | 2010-02-03 | 富士通株式会社 | Software providing method and information processing apparatus |
| US7818264B2 (en) * | 2006-06-19 | 2010-10-19 | Visa U.S.A. Inc. | Track data encryption |
| US8272002B2 (en) * | 2006-08-18 | 2012-09-18 | Fujitsu Limited | Method and system for implementing an external trusted platform module |
| CA2698086C (en) * | 2007-08-31 | 2017-05-23 | Homeatm Epayment Solutions | Apparatus and method for conducting secure financial transactions |
| US8055545B2 (en) * | 2007-08-31 | 2011-11-08 | 4361423 Canada Inc. | Apparatus and method for conducting secure financial transactions |
| US20090327114A1 (en) * | 2008-06-30 | 2009-12-31 | Sheth Nandan S | Systems and Methods For Secure Pin-Based Transactions Via a Host Based Pin Pad |
-
2008
- 2008-08-29 CA CA2698086A patent/CA2698086C/en active Active
- 2008-08-29 WO PCT/US2008/010235 patent/WO2009032187A1/en active Application Filing
- 2008-08-29 EP EP08795685.0A patent/EP2186238A4/en not_active Ceased
- 2008-08-29 US US12/675,621 patent/US9053471B2/en active Active
- 2008-08-29 JP JP2010522962A patent/JP5608081B2/en active Active
-
2015
- 2015-05-12 US US14/710,035 patent/US20150248671A1/en not_active Abandoned
Also Published As
| Publication number | Publication date |
|---|---|
| US9053471B2 (en) | 2015-06-09 |
| CA2698086A1 (en) | 2009-03-12 |
| EP2186238A4 (en) | 2016-01-27 |
| EP2186238A1 (en) | 2010-05-19 |
| JP5608081B2 (en) | 2014-10-15 |
| JP2010538359A (en) | 2010-12-09 |
| WO2009032187A1 (en) | 2009-03-12 |
| US20150248671A1 (en) | 2015-09-03 |
| US20110099112A1 (en) | 2011-04-28 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CA2698086C (en) | Apparatus and method for conducting secure financial transactions | |
| US8055545B2 (en) | Apparatus and method for conducting secure financial transactions | |
| US8661520B2 (en) | Systems and methods for identification and authentication of a user | |
| US7548890B2 (en) | Systems and methods for identification and authentication of a user | |
| JP4846154B2 (en) | Method and system for secure authentication settlement in a computer network | |
| KR100806993B1 (en) | Method and apparatus for conducting electronic transactions | |
| US8566250B2 (en) | Biometric identification device and methods for secure transactions | |
| US20010051924A1 (en) | On-line based financial services method and system utilizing biometrically secured transactions for issuing credit | |
| US20060136332A1 (en) | System and method for electronic check verification over a network | |
| US20200273031A1 (en) | Secure end-to-end online transaction systems and methods | |
| US20160086172A1 (en) | Trusted execution environment for transport layer security key pair associated with electronic commerce and card not present transactions | |
| US20120317018A1 (en) | Systems and methods for protecting account identifiers in financial transactions | |
| US8620824B2 (en) | Pin protection for portable payment devices | |
| US20110022837A1 (en) | Method and Apparatus For Performing Secure Transactions Via An Insecure Computing and Communications Medium | |
| NO335081B1 (en) | Procedure, system and device for smart access control for e-commerce payment | |
| US20120158565A1 (en) | System and Method for Financial Budgeting | |
| AU2021329996A1 (en) | Electronic payments systems, methods and apparatus | |
| Peng et al. | Secure online banking on untrusted computers | |
| KR20060049057A (en) | E-commerce verification and payment method | |
| WO2011156911A1 (en) | System, device and method for secure handling of key credential information within network servers field of the invention | |
| CA2353308A1 (en) | Electronic transaction system and method | |
| WO2019162879A2 (en) | System, apparatus, and method for inhibiting payment frauds |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| EEER | Examination request |
Effective date: 20130702 |